Before, if the container was run with a specified user that wasn't root, exec would fail because it always set to root unless respecified by user.
instead, inherit the user from the container start.
Signed-off-by: Peter Hunt <pehunt@redhat.com>
podman stats does not work in rootless environments with cgroups V1.
Fix error message and document this fact.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This is a breaking change and modifies the resulting image name when
pulling from an directory via `oci:...`.
Without this patch, the image names pulled via a local directory got
processed incorrectly, like this:
```
> podman pull oci:alpine
> podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/oci alpine 4fa153a82426 5 weeks ago 5.85 MB
```
We now use the same approach as in the corresponding [buildah fix][1] to
adapt the behavior for correct `localhost/` prefixing.
[1]: https://github.com/containers/buildah/pull/1800
After applying the patch the same OCI image pull looks like this:
```
> ./bin/podman pull oci:alpine
> podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/alpine latest 4fa153a82426 5 weeks ago 5.85 MB
```
End-to-end tests have been adapted as well to cover the added scenario.
Relates to: https://github.com/containers/buildah/issues/1797
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
add ability to not activate sd_notify when running under varlink as it
causes deadlocks and hangs.
Fixes: #3572
Signed-off-by: baude <bbaude@redhat.com>
in the case where the host has a large journald, iterating the journal
without using a Match is very poor performance. this might be a
temporary fix while we figure out why the systemd library does not seem to
behave properly.
Signed-off-by: baude <bbaude@redhat.com>
Remove GraphDriver.Data.MergedDir from the result of podman inspect if the container not mounte. Because the /var/lib/containers/.../merged directory is no longer created by default; it only exists during the scope of podman mount.
Signed-off-by: Qi Wang <qiwan@redhat.com>
JSON optimizes it out in that case anyways, so don't waste cycles
doing an Itoa (and Atoi on the decode side).
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
We weren't actually storing this, so we'd lose the exit code for
containers run with --rm or force-removed while running if the
journald backend for events was in use.
Fixes#3795
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Set the string to "libpod/VERSION" so that we don't use the unspecific
default of "Go-http-client/xxx".
Fixes#3788
Signed-off-by: Stefan Becker <chemobejk@gmail.com>
when creating the default libpod.conf file, be sure the default OCI
runtime is cherry picked from the system configuration.
Closes: https://github.com/containers/libpod/issues/3781
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Requirement from https://github.com/containers/libpod/issues/3575#issuecomment-512238393
Added --pull for podman create and pull to match the newly added flag in docker CLI.
`missing`: default value, podman will pull the image if it does not exist in the local.
`always`: podman will always pull the image.
`never`: podman will never pull the image.
Signed-off-by: Qi Wang <qiwan@redhat.com>
After restoring a container with a different name (ID) the ConmonPidFile
was still pointing to the path of the original container.
This means that the last restored container will overwrite the
ConmonPidFile of the original container. It was also not possible to
restore a container with a new name (ID) if the original container was
not running.
The ConmonPidFile is only changed if the ConmonPidFile starts with the
value of RunRoot. This assumes that if RunRoot is part of ConmonPidFile
the user did not specify --conmon-pidfile' during run or create.
Signed-off-by: Adrian Reber <areber@redhat.com>
in the case where we rmi an image that has only one reponame, we print
out an untagged reponame message.
$ sudo podman rmi busybox
Untagged: docker.io/library/busybox:latest
Deleted: db8ee88ad75f6bdc74663f4992a185e2722fa29573abcc1a19186cc5ec09dceb
Signed-off-by: baude <bbaude@redhat.com>
it looks like the core-os systemd library has some issue when using
seektail and add match. this patch works around that shortcoming for
the time being.
Fixes: #3616
Signed-off-by: baude <bbaude@redhat.com>
commit 223fe64dc0 introduced the
regression.
When running on cgroups v1, bind mount only /sys/fs/cgroup/systemd as
rw, as the code did earlier.
Also, simplify the rootless code as it doesn't require any special
handling when using --systemd.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1737554
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
A container restored from an exported checkpoint did not have its
StartedTime set. Which resulted in a status like 'Up 292 years ago'
after the restore.
This just sets the StartedTime to time.Now() if a container is restored
from an exported checkpoint.
Signed-off-by: Adrian Reber <areber@redhat.com>
Old versions of conmon have a bug where they create the exit file before
closing open file descriptors causing a race condition when restarting
containers with open ports since we cannot bind the ports as they're not
yet closed by conmon.
Killing the old conmon PID is ~okay since it forces the FDs of old
conmons to be closed, while it's a NOP for newer versions which should
have exited already.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
we should be looking for the libpod.conf file in /usr/share/containers
and not in /usr/local. packages of podman should drop the default
libpod.conf in /usr/share. the override remains /etc/containers/ as
well.
Fixes: #3702
Signed-off-by: baude <bbaude@redhat.com>
OpenShift Merge Robot
Peter Hunt
Daniel J Walsh
Sascha Grunert
Giuseppe Scrivano
Chen Zhiwei
baude
Qi Wang
Matthew Heon
Stefan Becker
Adrian Reber
Valentin Rothberg